The Blog

Google is leading an effort to make the web more secure, but it could hurt small businesses not prepared for the change. Last month Google began displaying the words “not-secure” in the URL next to select web pages. Eventually their goal is to display a red triangle warning marked Not-secure next to every webpage not served over SSL.

If you use Google’s popular browser Google Chrome, you are in good company. Over 1 billion people use the browser worldwide, making it one of Google’s biggest products. But this update could damage the reputation of businesses unprepared for the change. So let’s take a look at what SSL is and what you need to do to secure your website.

The Secure Mark

Those with a keen eye may have noticed the green padlock in the URL bar next to some websites. This symbol used by all the major browsers including Chrome, Internet Explorer, and Firefox. It indicates the website is being served over a Secure Sockets Layer or SSL for short. That’s a fancy way of saying your web browser established an encrypted connection to the website.

This is important for a number of reasons:

An encrypted connection ensures data transmitted to and from the website is hidden from the view of anyone who may attempt to intercept that communication.

For users, this means any data they send has an extra layer of security. Typically this data is financial in nature, but could include passwords, personally identifiable information, addresses, phone numbers, etc.

SSL certificates are not new technology. They have been around since Netscape first adopted them in 1994 in response to increasing concerns about web security. Traditionally they were used when a higher level of security was necessary (ie banking, personal finance, e-commerce websites etc.)

This is partially due to the additional costs of an SSL certificate which typically runs anywhere from $10 to several thousands of dollars per year. Because the certificates expire, they also require a level of maintenance most website owners didn’t find necessary.

Websites Marked Not-Secure

However, the landscape has changed and security has become a priority for many users. Google first proposed the idea in December 2014, outlining their desire to have standard websites marked not-secure. Following the introduction of new SSL providers and options for securing a website the proposal gained steam, eventually leading Google to release an announcement in September of 2016 that their popular browser would soon start displaying the warning on particular pages.

To help users browse the web safely, Chrome indicates connection security with an icon in the address bar. Historically, Chrome has not explicitly labelled HTTP connections as non-secure. Beginning in January 2017 (Chrome 56), we’ll mark HTTP pages that collect passwords or credit cards as not-secure, as part of a long-term plan to mark all HTTP sites as not-secure.

This is the first step of many in their rollout plan. They continue with:

In following releases, we will continue to extend HTTP warnings, for example, by labelling HTTP pages as “not secure” in Incognito mode, where users may have higher expectations of privacy. Eventually, we plan to label all HTTP pages as non-secure, and change the HTTP security indicator to the red triangle that we use for broken HTTPS.

Simply put, unless your website is served over SSL very soon, your website will be marked not-secure. That’s not the message I want my visitors to get.

If not, contact your web developer or hosting provider and ask them to help you install one. Typically this requires server-side work and a dedicated IP address, which means you will need help from a server admin. You should also expect to pay additional fees for both the certificate and dedicated IP, typically starting at about $15 per month.

The exact timing for Google’s next step of the rollout is uncertain. We know it’s coming, but we’re not sure when. Unfortunately certain web pages marked not-secure is only the beginning. This means it is essential for small businesses and website owners to prepare for the upcoming change now, before it affects your customers.

Follow us on Facebook

Join Our Newsletter

Latest from the Blog

Browsing the internet only on your computer is a thing of the past. More and more internet users are now logging on to the internet with the small screen in their hands. With more of your potential customers using their smartphone to find you, will they like what they see? What makes a website mobile friendly? […]